Beware of fake job applications containing ransomware

Fake job application emails are currently doing the rounds in Germany, which infect windows PCs with ransomware, encrypt files and try to blackmail users into paying ransom.

Such emails are in the main addressed to human resources staff in a targeted manner. The malware known as “Gandcrab” is concealed in an executable .exe file within an attached zip archive. As soon as this is run, Gandcrab encrypts the files on the PC as well as those contained on removable storage media or on the network. Files that have already been locked have the ending .krab according to a report from “heise Security”. Thus far a free decryption tool is not yet available.

The fake applications have subject lines like “Application for the Advertised Position – Hannah Sommer”, but there are also emails with other names in circulation. It’s not only in human resources departments that one generally has to be careful with each incoming email and never open attachments or click on links without thinking twice.

Retarus E-Mail Security customers, and particularly those with Advanced Threat Protection (ATP) can feel secure regardless in the case of Gandcrab: at Virustotal 37 out of 67 virus scanners (as of yesterday morning) already recognize the infected attachment, and “heise Security” also expressly name several scanning engines employed by Retarus.